CEOs no longer view cyber security as a standalone solution
CEOs no longer view cyber security as a standalone solution

CEOs no longer view cyber security as a standalone solution

Advanced technologies pose threats that require cyber security to be embedded in all technology-fueled growth decisions

Our 5th annual U.S. CEO Outlook, based on a survey of 400 U.S. CEOs across all major industries and conversations with a dozen leading CEOs, offers deep insights into the major forces impacting today’s business landscape, and how CEOs are managing the challenges. “Agile or irrelevant: Redefining resilience,” our 2019 U.S. CEO Outlook report, indicates that the majority of CEOs surveyed believe the ability to be agile and build a resilient organization are critical to remaining relevant as the speed of change accelerates. Our blog series provide s perspective and insight from a wide range of KPMG leaders on these findings.

Technology is a key driver of disruption and it is also the top risk. Continuing technology-driven disruption fueled by advanced technologies, such as artificial intelligence, blockchain or cloud, creates more fertile ground for cyber security breaches and attacks. 

The ability to balance technology’s risks and opportunities is imperative for staying competitive and engendering the trust of stakeholders.  These threats require an integrated approach, embedding cyber in all technology-fueled growth decisions.

It is reassuring that U.S. CEOs view cyber risk very much as part of technology risk. In fact, 44 percent of those who see emerging or disruptive technology risk as the greatest threat to their organization’s growth classify cyber security risk as its cause. 

Changing perceptions of cyber risk and its place in the enterprise

CEOs are no longer looking at cyber risk as a separate topic or a standalone solution. More and more they have it embedded into their overall change programs and are beginning to make strategic decisions with cyber risk in mind. Additionally, boards of directors are changing the way they perceive cyber risk. In particular, there is a movement to move the cyber risk topic out of the audit committee and into a technology committee, or, even better, a risk committee. This helps align cyber with enterprise risk, as it should be. 

New technologies, such as artificial intelligence, pose new threats, and we need to protect AI from making decisions based on misinformation. The wide-ranging promise of AI and techniques such as deep learning is truly exciting, but the technology underlying these advances is now also available to those who would use it for mischief and worse. 

That’s the blessing and the curse: adaptive, intelligent bots can learn to do remarkably precise and reliable work designed to illuminate or deceive. From an enterprise perspective, the questions in relation to artificial intelligence, machine learning and deep learning are around augmenting existing systems to respond to these threats and malicious software attacks in a near-automated fashion. Deep learning represents an opportunity for organizations to augment and build out security capabilities to protect, enable and sustain the business. This is a topic KPMG explored in-depth last year in Fighting cyber with cyber.

CEOs also recognize the importance of cyber security for maintaining the reputation of their companies with their stakeholders. Companies must better position themselves to seize the opportunities arising from consumer trust agendas, which have gained priority against the backdrop of new cyber threats to both organizations and consumers who use their products. 

And while more CEOs recognize the importance of cyber security, fewer feel prepared for cyberattacks (68 percent, down from 77 percent last year), as the increased complexity of digital transformation driven by advanced technologies also increases the complexity of the potential fallout from cyberattacks. The adoption of an integrated approach to cyber risk is thus a very welcome development.

For further insights and data from leading U.S. CEOs and KPMG leaders, download the entire “Agile or irrelevant: Redefining resilience” U.S. CEO Outlook report here.


of U.S. CEOs agree this year that "strong cyber security is critical to engender trust with our key stakeholders," compared with 15% last year.


of U.S. CEOs consider their companies prepared for a cyberattack this year, compared with 77% last year.